Fedora has issued an advisory on May 23: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPTP7IW7Z54KXHWHH6JSVJ75RDCVQ4Z7/
Source RPM: (none) => zsync-0.6.2-12.mga10.src.rpm, zsync-0.6.2-11.mga9.src.rpmStatus comment: (none) => Patch available from FedoraWhiteboard: (none) => MGA9TOOCVE: (none) => CVE-2025-4638
Suggested advisory: ======================== The updated package fixes a security vulnerability: Improper Pointer Arithmetic in pcl. (CVE-2025-4638) References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPTP7IW7Z54KXHWHH6JSVJ75RDCVQ4Z7/ ======================== Updated package in core/updates_testing: ======================== zsync-0.6.2-11.1.mga9 from SRPM: zsync-0.6.2-11.1.mga9.src.rpm
Status comment: Patch available from Fedora => (none)Version: Cauldron => 9Whiteboard: MGA9TOO => (none)Assignee: bugsquad => qa-bugsSource RPM: zsync-0.6.2-12.mga10.src.rpm, zsync-0.6.2-11.mga9.src.rpm => zsync-0.6.2-11.mga9.src.rpmStatus: NEW => ASSIGNED
Keywords: (none) => advisory
mga9-32 The following package is going to be installed: - zsync-0.6.2-11.1.mga9.i586 195KB of additional disk space will be used. ---- I created zsync file on an http server Then ran $ zsync http://mageia-highland.us/mageia/iso/9/Mageia-9-Live-Xfce-i586/Mageia-9-Live-Xfce-i586.iso.zsync it worked. Ran it again, it sync'd and made a backup as designed.
CC: (none) => brtians1
Installed 64bit version Went to a directory with an existing matching iso and ran zsync It compared and closed I think this is good to go.
Whiteboard: (none) => MGA9-64-OK MGA-32-OK
Whiteboard: MGA9-64-OK MGA-32-OK => MGA9-64-OK MGA9-32-OK
Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0162.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED